Hash-based password authentication protocol against phishing and pharming attacks
|
|
- Lawrence Gary Wilkins
- 5 years ago
- Views:
Transcription
1 JOURNAL OF INFORMATION SCIENCE AND ENGINEERING XX, XXX-XXX (201X) Hash-based password authentication protocol against phishing and pharming attacks IKSU KIM 1, YONGYUN CHO 2 1 School of Computer Science and Engineering Soongsil University 369 Sangdo-Ro, Dongjak-Gu, Seoul , Korea 2 Information and Communication Engineering Sunchon National University Suncheon, Jeonnam , Korea Until now, although many researchers proposed a variety of authentication protocol to verify the identity of the clients, most of these protocols are inefficient and ineffective. Gouda et al. proposed an anti-phishing single password protocol, but it is vulnerable to pharming attacks. In this paper, we show that the protocol is insecure, and propose a hash-based password authentication protocol against phishing and pharming attacks. In the proposed protocol, the authentication tickets passed between clients and servers are secure because they are hash values which can be verified only by clients and servers. The authentication ticket is used only once, which ensures that the proposed protocol is secure against a variety of attacks such as replay, man-in-the-middle, phishing, and pharming. Because the proposed authentication protocol does not require encryption keys during the authentication phase, it is suitable for wireless and mobile communication systems. Keywords: authentication protocol, phishing attack, pharming attack, web security, hash function 1. INTRODUCTION In most server-client models, clients log on to a server using an ID and password. However, authentication based on passwords is vulnerable to a variety of attacks, including eavesdropping, man-in-the-middle, and replay. In addition, phishing incidents have been increasing since the ebay phishing incident that occurred in Phishing is a malicious technique that employs social engineering and technical fraud to steal sensitive information and financial account credentials from clients. More than 5 million U.S. clients lost money to phishing attacks in the 12 months ending September 2008, and phishing victims lost an average of $351 per incident [1]. Table 1 shows the summarized phishing statistics from Phishing Activity Trends Report which Anti-Phishing Working Group (APWG) released in April 2012 [2]. Unique phishing reports rose to an annual high of 32,979 in December 2011, and unique phishing websites detected was 48,410. In a phishing attack, an attacker first sets up a fake server that mimics a well-known, legitimate server. The attacker then sends a large number of spoofed s to random clients. If the client receiving the clicks on the hyperlinks in the message, they are Received Fexxxx 1x, 20xx; revised Nxxxx 2, 2009 & March 19, 20xx; accepted Jxxxx 9, 20xx. Communicated by Jxxx. * This work was supported by xxxxxx. 1
2 2 IKSU KIM, YONGYUN CHO redirected to the fake server instead of the legitimate server. The client submits his or her ID and password in order to log on to the fake server, believing it to be the genuine website. As a result, the attacker is able to steal IDs and passwords, which are then used to conduct online transactions. Table 1. Statistical highlights for 2nd Half, Oct. Nov. Dec. Number of unique phishing reports (campaigns) received by APWG from consumers 19,606 25,685 32,979 Number of unique phishing web sites detected 36,733 44,030 48,410 Number of brands hijacked by phishing campaigns Country hosting the most phishing websites USA USA USA Contain some form of target name in URL 66.61% 55.72% 56.94% No hostname; just IP address 1.37% 1.25% 0.92% Percentage of sites not using port % 0.28% 0.64% Most browsers now use the URL filtering method to protect clients from phishing attacks. This method detects phishing servers by using a blacklist file, which lists the URLs of servers reported as phishing servers. However, the URL filtering method cannot detect new phishing sites because it is based on information collected in advance. Therefore, research has been conducted into anti-phishing protocols and services [3, 4, 5, 6]. However, these protocols and services need encryption key operations or an instant messaging service during the authentication phase and are vulnerable to pharming attacks. Gouda et al. proposed an anti-phishing single password protocol [3]. However, this protocol is vulnerable to pharming attacks. In this paper, we show that the protocol proposed by Gouda et al. is insecure, and propose a hash-based password authentication protocol against phishing and pharming attacks. In the proposed protocol, a client first sends an ID to a server. The server then generates and sends an authentication ticket to the client. Only if the server is successfully verified by the client, the client generates and sends another authentication ticket to the server. The client-server authentication tickets can be verified only by the legitimate client and server. Therefore, the proposed protocol is secure against a variety of attacks such as replay, man-in-the-middle, phishing, and pharming, on ubiquitous networks. Moreover, the proposed authentication protocol is suitable for wireless and mobile communication systems because it does not require encryption keys during the authentication phase. The rest of this paper is organized as follows. In Section 2, we explore the evolution of phishing and introduce previous work. Section 3 provides an analysis of the vulnerability of the single password protocol (SPP) proposed by Gouda et al., and describes the proposed protocol. Section 4 analyzes the security of the proposed protocol, and Section 5 concludes this paper.
3 HASH-BASED PASSWORD AUTHENTICATION PROTOCOL AGAINST PHISHING AND PHARMING 3 ATTACKS 2. RELATED WORKS 2.1 Evolution of Phishing In phishing attacks, after an attacker sets up a fake server that mimics a well-known legitimate server, he sends s written in HTML to random clients, as shown in Fig. 1. Fig. 1. Phishing . If the recipient of the clicks the hyperlink in the message, they are redirected to a fake server instead of the TrustedLand server. The hyperlink in the is actually as follows: <a href=" The recipient believes that they have been redirected to the TrustedLand server. Therefore, they willingly submit their ID and password to log on to the fake server. Thus the submitted passwords are exposed to the attacker. If the client notices the address of the fake server in the address bar in the browser, they could perceive the phishing attack because the address is not the address of the legitimate server. Sometimes attackers register a domain name similar to that of a legitimate server. For example, if we assume that the domain name of a legitimate server is an attacker might register a domain name such as which uses the number 1 instead of the letter l. This would make it much more difficult to notice that the address is fake, and that it is a phishing attacks. In the case of a browser spoofing attack, it is much more difficult for clients to detect phishing attacks by looking at the address of the website [7]. In this type of attack, the attacker hides the address bar and places a textbox at the top of the webpage that
4 4 IKSU KIM, YONGYUN CHO looks like the address bar. The textbox then contains the address of the legitimate server. The client might not notice that the address bar looks slightly different, and will therefore not perceive the browser spoofing attack. For a successful browser spoofing attack, the browser must be able to create a new pop-up window by calling the method window.open(). Clients can prevent browser spoofing attacks by enabling the pop-up blocking feature provided by most reputable web browsers. Pharming attacks can be conducted by exploiting vulnerability in DNS server software, which is a more advanced type of attack than phishing. Here, attackers alter the IP address information stored in a DNS server so that even when clients input the correct domain name of a legitimate server in their web browser, they are redirected to a fake server. In this case, the address in the address bar in the browser shows the correct address of the legitimate server, which makes it very difficult to perceive the pharming attack. 2.2 Previous Work There are many anti-phishing security solutions that use browser extensions and toolbars in order to reduce the risks of phishing attacks [8, 9, 10, 11, 12, 13]. Web browsers such as Internet Explorer and Firefox support browser extensions and toolbar functions that developers can use to implement anti-phishing tools. Microsoft Internet Explorer provides a SmartScreen Filter that helps detect phishing servers. Using a list of reported phishing servers, the SmartScreen Filter checks whether clients are visiting a phishing server [8]. If clients visit a phishing server, the SmartScreen Filter displays a warning message. However, the SmartScreen Filter cannot detect phishing servers other than those that have already been reported. For this reason, Sharifi et al. proposed a blacklist generator that maintains an up-to-date blacklist of phishing servers [14]. The evaluation results of the technique have shown an accuracy of 91% in detecting legitimate pages and 100% in detecting phishing servers. Miyamoto et al. proposed a filtering algorithm called SPS [15] that protects clients from phishing attacks by removing part of the malicious content that traps clients into entering personal information. In SPS, URLs on HTML documents are checked by a URL filtering component. If a URL is suspicious, the HTTP response sanitizing component removes any input forms from the HTML documents. However, SPS is vulnerable to pharming attacks. Chou et al. proposed SpoofGuard [16] that examines the domain name, images, and links on HTML documents to detect phishing attacks. SpoofGuard provides traffic lights (green, yellow, or red) in a toolbar indicating whether the HTML documents are spoofed. SpoofGuard displays a warning if client opens a new account with the same ID and password. Ross et al. proposed PwdHash [17], which stores the hash value of a client s password and server domain name rather than storing the client s password in a password file. Therefore, although a client might use the same password on several servers, the verification information stored on each server is different. PwdHash makes it more difficult for attackers to find passwords through dictionary and brute-force attacks, but it is also vulnerable to pharming attacks. Sandirigama et al. proposed a simple and secure password authentication protocol (SAS) [18]. However, Lin et al. showed that SAS was vulnerable to a message replay
5 HASH-BASED PASSWORD AUTHENTICATION PROTOCOL AGAINST PHISHING AND PHARMING 5 ATTACKS attack [19]. Huang et al. proposed an anti-phishing authentication service with one-time passwords instead of fixed passwords [4]. This service requires instant messaging services, which means that clients must install at least one instant messaging client. A one-time password authentication scheme proposed by Kuo and Lee is vulnerable to a modification attack and a replay attack [20]. Kim et al. proposed a scheme that resolves the security flaws found in Kuo and Lee s scheme [21]. However, this scheme requires shared encryption keys. The anti-phishing authentication (APA) protocol and anti-phishing protocol with mutual authentication (APPMA) also require encryption keys in the authentication phase [5, 6]. Gouda et al. proposed the single password protocol (SPP), which is secure against various attacks, including eavesdropping, message replay, and phishing [3]. In this protocol, a client can use the same ID and password on multiple web servers through the use of salted passwords. In SPP, it takes much more time for attackers to crack clients passwords because they cannot create pre-computed hash values of passwords. However, SPP is vulnerable to pharming attacks. 3. HASH-BASED PASSWORD AUTHENTICATION PROTOCOL 3.1 Vulnerability of SPP In this section, we describe SPP and analyze its vulnerability. The notations used in SPP are listed in Table 2 and the protocol is shown in Fig. 2. In this protocol, when C registers with S, C generates a random number n i and ticket verification information MD 2 (n i P S). This information is then sent to S, which it stores in the password file. Thereafter, when C tries to log on to S, S prompts C with the stored value, n i. C generates ticket MD(n i P S) for authentication, a new random number n i+1, and new ticket verification information MD 2 (n i+1 P S) and sends everything to S. S then authenticates C using the ticket verification information stored in the password file. If C is successfully authenticated, S replaces n i and MD 2 (n i P S) by n i+1 and MD 2 (n i+1 P S), respectively. Notation Table 2. SPP notation. Representation C Client S Server P Password remembered by client n, n i Random number MD() One-way hash function MD 2 () MD(MD()) Concatenation
6 6 IKSU KIM, YONGYUN CHO Fig. 2. SPP protocol. SPP is vulnerable to pharming attacks when an attacker is able to replace the IP address of a legitimate server with that of the malicious server on a DNS server. As shown in Fig. 3, when a client, C, tries to log on to the legitimate server, the identification information first passes through the malicious server, which forwards it to the legitimate server. The legitimate server responds by sending n i to the malicious server, which passes this on to the client, C. Now, the client C sends MD(n i P S) n i+1 MD 2 (n i+1 P S) to the malicious server, and the server has access to the login information. The attacker can now log on to the legitimate server using the information. 3.2 Registration Phase Fig. 3. Attack on SPP protocol. In this section, we present a hash-based password authentication protocol against phishing and pharming attacks over the Internet. In the proposed protocol, we first assume that clients choose secure passwords against brute force attacks and dictionary attacks. In other words, the passwords consist of at least eight random characters. On a standard computer keyboard, the character types include 10 numeric numbers, 26 lower-
7 HASH-BASED PASSWORD AUTHENTICATION PROTOCOL AGAINST PHISHING AND PHARMING 7 ATTACKS case characters, 26 uppercase characters, and 32 special characters. The number of combination for a password length of 8 digits is It would therefore potentially take years for an attacker to try every possible combination of letters, numbers, and special characters before discovering the correct one. Second, we assume that the proposed protocol is used with the Secure Sockets Layer (SSL) that provides communication security over the Internet. The reason for assuming so is because most servers, such as banking servers, server, and online shopping servers, are using the SSL for security. The SSL can prevent eavesdropping and tampering, but it is still vulnerable to man-in-the-middle attacks. In the proposed protocol, the SSL protocol runs before the registration phase begins, as follows: Step 1: A client s machine requests the registration page from a server. Step 2: The server sends its certificate to the client s machine. Step 3: The client s machine authenticates the server and generates a session key. Step 4: The client s machine encrypts the session key with the server s public key and sends the encrypted session key to the server. Step 5: The server decrypts the encrypted session key with its private key. Now the client s machine and server can securely send and receive messages, and the registration phase begins. The registration phase is shown in Fig. 4 and the notation used in this section is listed in Table 3. Table 3. Notation. Notation Representation ID Identity of client P Original password of client P Password submitted by client D Domain name of legitimate server D Domain name of fake server IP hs Source IP address in packet header IP s Server IP address IP c Client IP address N s Random nonce generated by server H() One-way hash function M c Verification message from client M s Verification message from server Concatenation Exclusive-or
8 8 IKSU KIM, YONGYUN CHO Fig. 4. Registration phase. When a client registers with a server, he determines an ID and password (P), and enters them into the registration form. Before ID and P are sent to the server, P is hashed with the salt value, D. Thereafter, ID and H(P D) are sent to the server, and the server stores the ID and H(P D) in the password file. 3.3 Authentication Phase The authentication phase is shown in Fig. 5. When a client tries to log on to the server, he inputs his ID and P into the input form for authentication. The client s machine sends only the ID to the server. If the ID exists in the password file on the server, the server generates N s, and computes N s H(P D) and H(P D) H(H(P D) IP s N s ). The server then sends (H(P D) H(H(P D) IP s N s )) (N s H(P D)) to the client s machine. Fig. 5. Authentication phase. Because the client s machine knows P and D, it can compute H(P D). After the
9 HASH-BASED PASSWORD AUTHENTICATION PROTOCOL AGAINST PHISHING AND PHARMING 9 ATTACKS client s machine computes H(P D), it extracts N s from N s H(P D) and computes H(P D) H(H(P D) IP hs Ns), where IP hs denotes the source IP address in the packet header. If H(P D) H(H(P D) IP hs N s ) is the same as H(P D) H(H(P D) IP s N s ) received from the server, the server is verified. This is because the same value for H(P D) H(H(P D) IP hs N s ) can only be computed by the server that knows H(P D). After the client s machine verifies the server, it computes H(P D) H(H(P D) IP c N s ) and sends the computed value to the server. Because the server knows H(P D), IP hs, and N s, it can compute H(P D) H(H(P D) IP hs N s ). If the computed value is the same as H(P D) H(H(P D) IP c N s ) received from the client s machine, the client s machine is verified. The same value for H(P D) H(H(P D) IP hs N s ) can only be computed by the client s machine that knows both H(P D) and N s. If the client s machine and the server are not verified by each other during the authentication phase, the authentication fails. In current situation of the Internet, NAT is widely used in various networks. In the proposed protocol, when a client and/or a server is in private networks, the IP c and/or the IP s have the external IP addresses of the client-side and/or the server-side NAT devices, respectively. Therefore, the proposed protocol can work well in private network environment. 4.1 Eavesdropping Attack 4. SECURITY ANALYSIS An eavesdropping attack is the act of secretly listening to the private conversation of others. On the Internet, an attacker listens to network communication and thus tries to steal a client s password. An eavesdropping attack is impossible when using the proposed protocol. An attacker cannot compute P and H(P D) from the verification messages H(P D) H(H(P D) IP s N s ) N s H(P D) and H(P D) H(H(P D) IP c N s ) exchanged between the client s machine and server. Although the attacker will know D, IP s, and IP c, because the verification messages are created by a one-way hash function and an exclusive-or operation, he cannot find out P and H(P D). Therefore the proposed protocol is secure against eavesdropping attack without using the SSL. 4.2 Message Modification Attack Sometimes, an attacker modifies the verification messages between a client and a server to find out the client s password or to gain unauthorized access. In the proposed protocol, all verification messages are created using a one-way hash function and an exclusive-or operation. Therefore, it is impossible to regenerate valid verification messages by modifying an existing message. Because the attacker cannot log on to the server without using valid verification messages, the proposed protocol is secure against message modification attacks without using the SSL. 4.3 Message Replay Attack
10 10 IKSU KIM, YONGYUN CHO A message replay attack is the act of intercepting the message and retransmitting it. An attacker listens to network communication and intercepts messages, which include verification information. The attacker then tries to log on to the server by replaying the verification messages. Let us assume that an attacker intercepted an ID and verification message, M c. After the attacker sends the ID, he replays the verification message, M c, in an attempt to log on to the server. In order to verify the client, the server computes H(P D) H(H(P D) IP hs Ns), and then compares the value with the verification message, M c. Because M c includes a random nonce, N s, it is a one-time message. Therefore, M c and H(P D) H(H(P D) IP hs N s ) are different to each other when the message replay attack occurs. As a result, the attacker cannot successfully execute a message replay attack. Therefore the proposed protocol is secure against message replay attacks without using the SSL. 4.4 Man-in-the-middle Attack A man-in-the-middle attack is the act of relaying messages between the victims, making them believe that they are sending messages directly to one another. Before relaying messages, an attacker sometimes forges the messages. When an attacker forwards the verification messages, M s and M c, exchanged between the client and server in the proposed protocol, because IP s and IP c are different from IP hs, the attacker cannot succeed with a man-in-the-middle attack. In order to generate valid verification messages by modifying IP s and IP c, the attacker has to know P or H(P D). As mentioned in Section 4.1, the attacker cannot establish the values of P and H(P D) from the verification messages, M s and M c. Therefore the proposed protocol is secure against man-in-the-middle attacks. 4.5 Malicious Server Attack In malicious server attacks, an attacker sets up a malicious server and lures clients to register with the server. If clients input their passwords on a fake HTML file, the attacker can read the passwords. In the proposed protocol, when a client registers with a server, he sends the ID and H(P D) to the server. If the client visits a malicious server impersonating a legitimate server, he sends ID and H(P D ), where D denotes the domain name of the malicious server. An attacker can read the values of ID and H(P D ), but cannot read H(P D). Here, H(P D ) cannot be used in the authentication phase on the legitimate server. Therefore, the proposed protocol is secure against malicious server attacks without using the SSL. 4.6 Phishing Attack In a phishing attack, an attacker sets up a fake server and sends a large number of spoofed s to random clients. If a recipient of the attempts to log on to the fake server, their IDs and passwords are exposed to the attacker. In the proposed protocol, when a client visits and tries to log on to a fake server, the client s machine only sends the
11 HASH-BASED PASSWORD AUTHENTICATION PROTOCOL AGAINST PHISHING AND PHARMING 11 ATTACKS ID to the server. The server must then send a verification message to the client. However, the fake server cannot generate the verification message, M s, because it does not know P or H(P D). Only if the client s machine successfully verifies the server using the verification message, M s, does it send the verification message, M c, to the server for verification. Therefore, the proposed protocol is secure against phishing attacks without using the SSL. 4.7 Pharming Attack In a pharming attack, although clients input the correct domain name of the legitimate server in a web browser, they are redirected to a fake server. In the same way as phishing attacks, when they try to log on to the fake server, their IDs and passwords are exposed to the attacker. In the proposed protocol, when a client tries to log on to the legitimate server, the client s ID is sent to the malicious server, and the server forwards it to the legitimate server. After that, the legitimate server sends the verification message, M s, back to the malicious server, and the malicious server forwards it to the client s machine. The client s machine computes H(P D) H(H(P D) IP hs N s ) and compares it to M s. Because the value of IP s that was used to generate M s is different from IP hs, the authentication phase fails. In order to create valid verification messages by modifying IP s, the attacker has to know P or H(P D). As mentioned in Section 4.1, the attacker cannot establish the value of P and H(P D) from the verification message. Therefore, the proposed protocol is secure against pharming attacks without using the SSL. 5. CONCLUSION As people spend more social and economic time on the Internet, the importance of protecting their privacy against attacks such as phishing and pharming attacks also increases. Currently, password authentication is the most common means of authentication on the Internet. Until now, although research has been conducted into possible countermeasures to phishing attacks, most of these methods require encryption keys during the authentication phase and are especially vulnerable to pharming attack. The summary of previous work is shown in Table 4. Table 4. Summary of previous work. Anti-phishing Requirement Drawback Browser extension and tool bar Black list file Cannot detect new phishing servers PwdHash Hash function Is vulnerable to pharming attacks SPS Contents filtering Is vulnerable to pharming attacks SpoofGuard Contents scanning Occasionally raises false alarm SPP Hash function and exclusive-or operation Is vulnerable to pharming attacks Authentication service by Huang et al. IM service Does not operate without using IM service
12 12 IKSU KIM, YONGYUN CHO APA Symmetric key Needs symmetric encryption APPMA Asymmetric key Needs public key operation In order to resolve this problem, we proposed a hash-based password authentication protocol. The proposed protocol is secure against a variety of attacks such as replay, man-in-the-middle, phishing, and pharming without using the SSL. Because the proposed authentication protocol does not use encryption keys during the authentication phase, it does not require high computational resources. Therefore the proposed protocol is suitable for wireless and mobile communication systems. The proposed protocol can be broadly adopted to develop secure applications against a variety of attacks in ubiquitous network environments. REFERENCES M. G. Gouda, A. X. Liu, L. M. Leung, M. A. Alam, SPP: An anti-phishing single password protocol, Computer Networks, Vol. 51, 2007, pp C. Y. Huang, S. P. Ma, K. T. Chen, Using one-time passwords to prevent password phishing attacks, Journal of Network and Computer Applications, Vol. 34, 2011, pp M. Sharifi, A. Saberi, M. Vahidi, M. Zorufi, A zero knowledge password proof mutual authentication technique against real-time phishing attacks, in Proceedings of the 3rd International Conference on Information Systems Security, 2007, pp M. Saeed, H. S. Shahhoseini, APPMA An anti-phishing protocol with mutual authentication, in Proceedings of the 15th IEEE Symposium on Computers and Communications, 2010, pp T. Y. Li, Y. Wu, Trust on web browser: attack vs. defense, in Proceedings of the 1st International Conference on Applied Cryptography and Network Security, 2003, pp reen-filter/ R. Dhamija, J. D. Tygar, Phish and HIPs: Human interactive proofs to detect phishing attacks, in Proceedings of the 2nd International Workshop on Human Interactive Proofs, 2005, pp M. Sharifi, S. H. Siadati, A phishing sites blacklist generator, in Proceedings of the 6th ACS/IEEE International Conference on Computer Systems and Applications, 2008, pp D. Miyamoto, H. Hazeyama, Y. Kadobayashi, SPS: A simple filtering algorithm to thwart phishing attacks, in Proceedings of the 1st Asian Internet Engineering Con-
13 HASH-BASED PASSWORD AUTHENTICATION PROTOCOL AGAINST PHISHING AND PHARMING 13 ATTACKS ference on Technologies for Advanced Heterogeneous Networks, 2005, pp N. Chou, R. Ledesma, Y. Teraguchi, J. C. Mitchell, Client-side defense against web-based identity theft, in Proceedings of the 11th Annual Network and Distributed System Security Symposium, B. Ross, C. Jackson, N. Miyake, D. Boneh, J.C. Mitchell, Stronger password authentication using browser extensions, in Proceedings of the 14th Conference on USENIX Security Symposium, 2005, pp M. Sandirigama, A. Shimizu, M. T. Noda, Simple and secure password authentication protocol (SAS), IEICE Transactions on Communications, Vol. E83-B, 2000, pp C. L. Lin, H. M. Sun, T. Hwang, Attacks and solutions on strong-password authentication, IEICE Transactions on Communications, Vol. E84-B, 2001, pp W. C. Kuo, Y.C. Lee, Attack and improvement on the one-time password authentication protocol against theft attacks, in Proceedings of the 6th International Conference on Machine Learning and Cybernetics, 2007, pp M. Kim, B. Lee, S. Kim, D. Won, Weaknesses and improvements of a one-time password authentication scheme, International Journal of Future Generation Communication and Networking, Vol. 2, 2009, pp Iksu Kim received the B.S., M.S., and Ph.D. in Computer Science from Soongsil University, South Korea, in 2000, 2002, and 2008, respectively. He worked at SKYCOM as a manager until Jan He is a professor of school of computing at Soongsil University from Sep He achieved the CISSP(Certified Information Systems Security Professional) certification in His research interests include system and network security. Yongyun Cho received his BE in Computer Science from Inchoen University, Korea, in And, he received his MS and PhD in Computer Engineering from Soongsil University, Korea, in 1998 and 2006, respectively. Currently, he is a Professor at Information and Communication Engineering, Sunchon University. His research interests include semantic web and web security.
A Smart Card Based Authentication Protocol for Strong Passwords
A Smart Card Based Authentication Protocol for Strong Passwords Chin-Chen Chang 1,2 and Hao-Chuan Tsai 2 1 Department of Computer Science and Information Engineering, Feng Chia University, Taichung, Taiwan,
More informationClient-side Defenses for Context-Aware Phishing and Transaction Generator Spyware
Client-side Defenses for Context-Aware Phishing and Transaction Generator Spyware Collin Jackson Dan Boneh John Mitchell Stanford University Web Threats Phishing Spoof website convinces user to log in
More informationSecurity Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards
Security Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards Younghwa An Computer Media Information Engineering, Kangnam University, 111, Gugal-dong, Giheung-gu, Yongin-si,
More informationCustom Plugin A Solution to Phishing and Pharming Attacks
Custom Plugin A Solution to Phishing and Pharming Attacks Omer Mahmood School of Information Technology Charles Darwin University Darwin, NT, Australia Abstract - This paper proposes a new method to detect,
More informationPhishing Activity Trends Report August, 2006
Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account
More informationPREVENTING FROM PHISHING ATTACK BY IMPLEMENTING URL PATTERN MATCHING TECHNIQUE IN WEB
International Journal of Civil Engineering and Technology (IJCIET) Volume 8, Issue 9, September 2017, pp. 1200 1208, Article ID: IJCIET_08_09_135 Available online at http://http://www.iaeme.com/ijciet/issues.asp?jtype=ijciet&vtype=8&itype=9
More informationPhishing Read Behind The Lines
Phishing Read Behind The Lines Veljko Pejović veljko@cs.ucsb.edu What is Phishing? "Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and
More informationUnique Phishing Attacks (2008 vs in thousands)
The process of attempting to acquire sensitive information, such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. In the 2 nd half
More informationPhishing Activity Trends Report August, 2005
Phishing Activity Trends Report August, 25 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial
More informationAUTHENTICATION AND LOOKUP FOR NETWORK SERVICES
Vol.5, No.1, pp. 81-90, 2014 doi: 10.7903/ijecs.1040 AUTHENTICATION AND LOOKUP FOR NETWORK SERVICES Daniel J. Buehrer National Chung Cheng University 168 University Rd., Min-Hsiung Township, Chiayi County,
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of, 27 Summarization of Report Findings The number of phishing reports received rose to 24,853 in, an increase of over 1, from February but still more than
More informationA Hash-based Strong Password Authentication Protocol with User Anonymity
International Journal of Network Security, Vol.2, No.3, PP.205 209, May 2006 (http://isrc.nchu.edu.tw/ijns/) 205 A Hash-based Strong Password Authentication Protocol with User Anonymity Kumar Mangipudi
More informationHandout 20 - Quiz 2 Solutions
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.033 Computer Systems Engineering: Spring 2001 Handout 20 - Quiz 2 Solutions 20 Average: 81 Median: 83 Std.
More informationSecurity Improvements of Dynamic ID-based Remote User Authentication Scheme with Session Key Agreement
Security Improvements of Dynamic ID-based Remote User Authentication Scheme with Session Key Agreement Young-Hwa An* * Division of Computer and Media Information Engineering, Kangnam University 111, Gugal-dong,
More informationAn Enhanced Dynamic Identity Based Remote User Authentication Scheme Using Smart Card without a Verification Table
An Enhanced Dynamic Identity Based Remote User Authentication Scheme Using Smart Card without a Verification Table B. Sumitra, Research Scholar, Christ University, Bangalore, India (*Corresponding Author)
More informationCTS2134 Introduction to Networking. Module 08: Network Security
CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of September, 2007 Summarization of September Report Findings The total number of unique phishing reports submitted to APWG in September 2007 was 38,514, an
More informationAN ANTI-SPOOFING TOOL: SPOOFGUARD++
AN ANTI-SPOOFING TOOL: SPOOFGUARD++ A dissertation submitted to The University of Manchester for the degree of MSc in Advance Computer Science in the Faculty of Engineering and Physical Sciences 2011 MOHAMMED
More informationA SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS
ISSN 1392 124X INFORMATION TECHNOLOGY AND CONTROL, 2012, Vol.41, No.1 A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS Bae-Ling Chen 1, Wen-Chung Kuo 2*, Lih-Chyau Wuu 3 1
More informationUsing a Personal Device to Strengthen Password Authentication from an Untrusted Computer
Financial Cryptography - Feb 13, 2007 Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer Mohammad Mannan and Paul C. van Oorschot Digital Security Group Carleton University,
More informationCE Advanced Network Security Phishing I
CE 817 - Advanced Network Security Phishing I Lecture 15 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationSEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security
SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security Consider 2. Based on DNS, identified the IP address of www.cuhk.edu.hk is 137.189.11.73. 1. Go to http://www.cuhk.edu.hk 3. Forward the
More informationA Lightweight Framework for Detection and Resolution for Phishing, Pharming and Spoofing
A Lightweight Framework for Detection and Resolution for Phishing, Pharming and Email Spoofing Pooja Modi 1, Hardik Upadhyay 2, Ketan Modi 3, Krunal Suthar 4 ME Student, Department of Computer Engineering,
More informationClient-side defenses against web-based identity theft
Client-side defenses against web-based identity theft Students: Robert Ledesma, Blake Ross, Yuka Teraguchi Faculty: Dan Boneh and John Mitchell Stanford University PORTIA Project 1 Phishing Attack Spam
More informationBank Infrastructure - Video - 1
Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation
More informationWayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk
Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging
More informationClientNet. Portal Admin Guide
ClientNet Portal Admin Guide Document Revision Date: June 5, 2013 ClientNet Portal Admin Guide i Contents Introduction to the Portal... 1 About the Portal... 1 Logging On and Off the Portal... 1 Language
More informationRemote User Authentication Scheme in Multi-server Environment using Smart Card
Remote User Authentication Scheme in Multi-server Environment using Smart Card Jitendra Kumar Tyagi A.K. Srivastava Pratap Singh Patwal ABSTRACT In a single server environment, one server is responsible
More informationSecurity Awareness. Chapter 2 Personal Security
Security Awareness Chapter 2 Personal Security Objectives After completing this chapter, you should be able to do the following: Define what makes a weak password Describe the attacks against passwords
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of June, 2007 Summarization of June Report Findings In the June 2007 report the APWG introduces a brand-domain pairs measurement (page 4) which combines the
More informationRobust Defenses for Cross-Site Request Forgery
University of Cyprus Department of Computer Science Advanced Security Topics Robust Defenses for Cross-Site Request Forgery Name: Elena Prodromou Instructor: Dr. Elias Athanasopoulos Authors: Adam Barth,
More informationWeb Security, Summer Term 2012
IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Web Security, Summer Term 2012 7 Broken Authentication and Session
More informationWeb Security, Summer Term 2012
Table of Contents IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Introduction Examples of Attacks Brute Force Session
More informationProtecting Against Online Fraud. F5 EMEA Webinar August 2014
Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture
More informationBerner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 2
Table of Contents Hacking Web Sites Broken Authentication Emmanuel Benoist Spring Term 2018 Introduction Examples of Attacks Brute Force Session Spotting Replay Attack Session Fixation Attack Session Hijacking
More informationAn Improved and Secure Smart Card Based Dynamic Identity Authentication Protocol
International Journal of Network Security, Vol.14, No.1, PP.39 46, Jan. 2012 39 An Improved and Secure Smart Card Based Dynamic Identity Authentication Protocol Sandeep Kumar Sood Department of Computer
More informationFrequently Asked Questions (FAQ)
Your personal information and account security is important to us. This product employs a Secure Sign On process that includes layers of protection at time of product log in to mitigate risk, and thwart
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationDefeating All Man-in-the-Middle Attacks
Defeating All Man-in-the-Middle Attacks PrecisionAccess Vidder, Inc. Defeating All Man-in-the-Middle Attacks 1 Executive Summary The man-in-the-middle attack is a widely used and highly preferred type
More informationAuthentication Security
Authentication Security Hui Zhu Copyright 2005 www.ebizsec.com Agenda Authentication Components Authentication Hacking Consideration for Authentication Security Principle for Authentication Security Case
More informationRobust Defenses for Cross-Site Request Forgery Review
Robust Defenses for Cross-Site Request Forgery Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, 2011 1 Introduction to the topic and the reason for the topic
More informationOnline Banking Security
Online Banking Security Fabian Alenius Uwe Bauknecht May 17, 2009 Contents 1 Introduction 2 2 Secure Communication 2 2.1 Password authentication..................... 2 2.2 One-time Passwords.......................
More informationSecurity and Privacy
E-mail Security and Privacy Department of Computer Science Montclair State University Course : CMPT 320 Internet/Intranet Security Semester : Fall 2008 Student Instructor : Alex Chen : Dr. Stefan Robila
More informationMan in the middle. Bởi: Hung Tran
Man in the middle Bởi: Hung Tran INTRODUCTION In today society people rely a lot on the Internet for studying, doing research and doing business. Internet becomes an integral part of modern life and many
More informationA weakness in Sun-Chen-Hwang s three-party key agreement protocols using passwords
A weakness in Sun-Chen-Hwang s three-party key agreement protocols using passwords Junghyun Nam Seungjoo Kim Dongho Won School of Information and Communication Engineering Sungkyunkwan University 300 Cheoncheon-dong
More informationAn Improved Timestamp-Based Password Authentication Scheme Using Smart Cards
An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards Al-Sakib Khan Pathan and Choong Seon Hong Department of Computer Engineering, Kyung Hee University, Korea spathan@networking.khu.ac.kr
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationEfficient password authenticated key agreement using bilinear pairings
Mathematical and Computer Modelling ( ) www.elsevier.com/locate/mcm Efficient password authenticated key agreement using bilinear pairings Wen-Shenq Juang, Wei-Ken Nien Department of Information Management,
More informationD. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.
More informationPhishing Activity Trends Report January, 2005
Phishing Activity Trends Report January, 2005 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent web sites which attempt to trick them into divulging
More informationWebomania Solutions Pvt. Ltd. 2017
The other name for link manipulation is Phishing or you can say link manipulation is type of phishing attack done generally to mislead the user to a replica website or a looka-like of some well-known site.
More informationPhishing Activity Trends Report March, 2005
Phishing Activity Trends Report March, 2005 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent websites which attempt to trick them into divulging
More informationSecurity Flaws of Cheng et al. s Biometric-based Remote User Authentication Scheme Using Quadratic Residues
Contemporary Engineering Sciences, Vol. 7, 2014, no. 26, 1467-1473 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.49118 Security Flaws of Cheng et al. s Biometric-based Remote User Authentication
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationDistributed Systems. Lecture 14: Security. 5 March,
06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationCYBER ATTACKS EXPLAINED: PACKET SPOOFING
CYBER ATTACKS EXPLAINED: PACKET SPOOFING Last month, we started this series to cover the important cyber attacks that impact critical IT infrastructure in organisations. The first was the denial-of-service
More informationReview of Phishing Detection Techniques
Review of Phishing Detection Techniques Swati Gaikwad Computer Engineering, DACOE, Pune, India. swatigaikwad0385@gmail.com Abstract Nowadays phishing attacks are increasing with burgeoning rate which is
More informationCIS 4360 Secure Computer Systems XSS
CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection
More informationEfficient RFID Authentication protocol for Ubiquitous Computing Environment
Efficient RFID Authentication protocol for Ubiquitous Computing Environment Eun Young Choi 1, Su Mi Lee 1, and Dong Hoon Lee 2 Center for Information Security Technologies(CIST), Korea University, 1, 5-Ka,
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationProviding Security to the Architecture of Presence Servers
Providing Security to the Architecture of Presence Servers Vimitha R Vidhya Lakshmi PG Scholar TKM Institute of Technology Kollam, Kerala, India Anju J Assistant Professor TKM Institute of Technology Kollam,
More informationSmart-card-loss-attack and Improvement of Hsiang et al. s Authentication Scheme
Smart-card-loss-attack and Improvement of Hsiang et al. s Authentication Scheme Y.. Lee Department of Security Technology and Management WuFeng niversity, hiayi, 653, Taiwan yclee@wfu.edu.tw ABSTRAT Due
More informationarxiv: v1 [cs.cr] 5 Sep 2013
Automated Password Extraction Attack on Modern Password Managers Raul Gonzalez Carnegie Mellon University Eric Y. Chen Carnegie Mellon University Collin Jackson Carnegie Mellon University arxiv:1309.1416v1
More informationSPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationCISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks
CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of
More informationHow to prevent phishing attacks? In 3 Pages. Author: Soroush Dalili irsdl {4t[ yahoo }d0t] com Website: Soroush.SecProject.
How to prevent phishing attacks? In 3 Pages Author: Soroush Dalili Email: irsdl {4t[ yahoo }d0t] com Website: Soroush.SecProject.Com March 2009 How to prevent phishing attacks? 1. Introduction Phishing
More informationKASPERSKY FRAUD PREVENTION FOR ENDPOINTS
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com KASPERSKY FRAUD PREVENTION 1. Ways of Attacking Online Banking The prime motive behind cybercrime is making money and today s sophisticated criminal
More informationPassword Rescue: A New Approach to Phishing Prevention
Password Rescue: A New Approach to Phishing Prevention Dinei Florêncio and Cormac Herley Microsoft Research, One Microsoft Way, Redmond, WA July 7, 2006 Abstract A phishing attack exploits both the enormous
More informationIPv6 Traffic Hijack Test System and Defense Tools Using DNSSEC
IPv6 Traffic Hijack Test System and Defense Tools Using DNSSEC Lin Tao lintao850711@sina.com Liu Wu liuwu@cernet.edu.cn Duan Haixin dhx@cernet.edu.cn Sun Donghong sdh@cernet.edu.cn Abstract IPv6 is widely
More informationR (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.
R (2) N (5) Oral (3) Total (10) Dated Sign Experiment No: 1 Problem Definition: Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. 1.1 Prerequisite:
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of July, 2007 Summarization of July Report Findings For the first time recorded by the APWG, China has surpassed the United States as the country hosting the
More informationAn Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings
An Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings Debasis Giri and P. D. Srivastava Department of Mathematics Indian Institute of Technology, Kharagpur 721 302, India
More informationDistributed Systems. Lecture 14: Security. Distributed Systems 1
06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationSSAC Public Meeting Paris. 24 June 2008
SSAC Public Meeting Paris 1 in Phishing Attacks 2 What is? A phishing attack The attacker impersonates a registrar The phish emails are sent to The registrar's customers (bulk) A particular, targeted customer
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationPrevention Schemes Against Phishing Attacks on Internet Banking Systems
Int. J. Advance Soft Compu. Appl, Vol. 6, No. 1, March 2014 ISSN 2074-8523; Copyright SCRG Publication, 2014 Prevention Schemes Against Phishing Attacks on Internet Banking Systems Seoung Yeop Na, Hyun
More informationSIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels
Network Security - ISA 656 Voice Over IP (VoIP) Security Simple SIP ing Alice s Bob Session Initiation Protocol Control channel for Voice over IP (Other control channel protocols exist, notably H.323 and
More informationThe PKI Lie. The OWASP Foundation Attacking Certificate Based Authentication. OWASP & WASC AppSec 2007 Conference
The PKI Lie Attacking Certificate Based Authentication Ofer Maor CTO, Hacktics OWASP & WASC AppSec 2007 Conference San Jose Nov 2007 Copyright 2007 - The OWASP Foundation Permission is granted to copy,
More informationEvaluating the Security Risks of Static vs. Dynamic Websites
Evaluating the Security Risks of Static vs. Dynamic Websites Ballard Blair Comp 116: Introduction to Computer Security Professor Ming Chow December 13, 2017 Abstract This research paper aims to outline
More informationWireless LAN Security (RM12/2002)
Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002 For
More informationCSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni
CSCI 667: Concepts of Computer Security Lecture 9 Prof. Adwait Nadkarni 1 Derived from slides by William Enck, Micah Sherr, Patrick McDaniel, Peng Ning, and Vitaly Shmatikov Authentication Alice? Bob?
More informationSecurity & Phishing
Email Security & Phishing Best Practices In Cybersecurity Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2 What Is Phishing?
More informationSE420 Software Quality Assurance
SE420 Software Quality Assurance Encryption Backgrounder September 5, 2014 Sam Siewert Encryption - Substitution Re-map Alphabet, 1-to-1 and On-to (function) A B C D E F G H I J K L M N O P Q R S T U V
More informationLinux Network Administration
Secure Remote Connections with OpenSSH Objective At the conclusion of this module, the student will be able to: Configure the ssh daemon start, stop, and restart sshd 17 January 2005 NETW 111 - SSH 2 SSH
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationAn Efficient and Secure Multi-server Smart Card based Authentication Scheme
An Efficient Secure Multi-server Smart Card based Authentication Scheme Toshi Jain Department of r Science Engineering Oriental Institute of Science & Technology Bhopal, India Seep Pratap Singh Department
More informationComputers and Security
The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright
More informationPhishing Activity Trends Report October, 2004
Phishing Activity Trends Report October, 2004 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent websites which attempt to trick them into divulging
More informationSecurity and Authentication
Security and Authentication Authentication and Security A major problem with computer communication Trust Who is sending you those bits What they allow to do in your system 2 Authentication In distributed
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationEfficient remote mutual authentication and key agreement
computers & security 25 (2006) 72 77 available at www.sciencedirect.com journal homepage: www.elsevier.com/locate/cose Efficient remote mutual authentication and key agreement Wen-Gong Shieh*, Jian-Min
More informationSecurity and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1
Security and Privacy Xin Liu Computer Science University of California, Davis Introduction 1-1 What is network security? Confidentiality: only sender, intended receiver should understand message contents
More informationJu-A A Lee and Jae-Hyun Kim
Ju-A A Lee and Jae-Hyun Kim Wireless Information & Network Engineering Research Lab, Korea {gaia, jkim}@ajou.ac.kr Abstract. IEEE 802.11i standard supports a secure access control for wireless LAN and
More informationQuick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page
Workshop #7 Email Security Previous workshops 1. Introduction 2. Smart phones & Tablets 3. All about WatsApp 4. More on WatsApp 5. Surfing the Internet 6. Emailing Quick recap on Emailing Email Security
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationEndpoint Security - what-if analysis 1
Endpoint Security - what-if analysis 1 07/23/2017 Threat Model Threats Threat Source Risk Status Date Created File Manipulation File System Medium Accessing, Modifying or Executing Executable Files File
More information